Skip to content

feat(ai): Update docs to reflect AWS identity usage for AWS Guardrails Plugin #5514

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
tysoekong wants to merge 1 commit into
base: main
Choose a base branch
from
Open

feat(ai): Update docs to reflect AWS identity usage for AWS Guardrails Plugin #5514

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
36 changes: 35 additions & 1 deletion app/_how-tos/ai-gateway/use-ai-aws-guardrails-plugin.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -53,7 +53,9 @@ prereqs:
icon_url: /assets/icons/openai.svg
- title: AWS Account
content: |
To complete this tutorial, you will need the following credentials
To complete this tutorial, you will need either:

1. The following credentials:

* AWS_REGION
Comment on lines +56 to 60
* AWS_ACCESS_KEY_ID
Expand All @@ -65,6 +67,8 @@ prereqs:
export DECK_AWS_ACCESS_KEY_ID='YOUR_AWS_ACCESS_KEY'
export DECK_AWS_SECRET_ACCESS_KEY='YOUR_AWS_SECRET_ACCESS_KEY'
```

2. Or an (e.g.) AWS IAM Web Identity / Instance Profile / etc IAM Role, assigned the the workload that is running the Kong instance(s).
icon_url: /assets/icons/aws.svg

- title: Bedrock Guardrail
Expand Down Expand Up @@ -116,6 +120,8 @@ variables:

Now, we can configure our AI AWS Guardrails plugin to enforce content moderation policies by attaching a predefined Bedrock guardrail to requests.

For static IAM keys, configure the plugin as follows:

{% entity_examples %}
entities:
plugins:
Expand All @@ -140,6 +146,34 @@ variables:
{% endentity_examples %}


Whereas for an assigned Web Identity / Instance Profile / etc IAM Role, simply leave the `aws_access_key_id` and `aws_secret_access_key`
fields empty. In this setup example, Kong will run through the [standard credentials provider chain](https://docs.aws.amazon.com/sdk-for-php/v3/developer-guide/guide_credentials_default_chain.html) and select the first successfully
authenticated credential set.
Comment on lines +149 to +151

{% entity_examples %}
entities:
plugins:
- name: ai-aws-guardrails
config:
guardrails_id: ${guardrails_id}
guardrails_version: ${guardrails_version}
aws_region: ${aws_region}
variables:
guardrails_id:
value: $GUARDRAILS_ID
guardrails_version:
value: $GUARDRAILS_VERSION
aws_region:
value: $AWS_REGION
aws_access_key_id:
value: $AWS_ACCESS_KEY_ID
aws_secret_access_key:
value: $AWS_SECRET_ACCESS_KEY
Comment on lines +161 to +171
{% endentity_examples %}

You can also set the `aws_assume_role_arn` to also use the assigned identity to assume a **second** role,
either in the same AWS account or in another.
Comment on lines +174 to +175

## Test the configuration

Now, let’s revisit our [guardrail configuration](#bedrock-guardrail). We set it up to block specific banned words, the topic of quantum computing, and content categories like violence, hate, sexual content, insults, and misconduct—applying blocking actions on both input and output.
Expand Down
Loading